1. What Makes a Government Contractor Acquisition Different
The defining legal difference between a government contractor acquisition and a commercial M&A transaction is that the government is an involuntary counterparty in every contract that transfers. Federal law prohibits assignment of government contracts without agency consent, so a buyer who acquires a federal contractor through an asset purchase or merger does not step into those contracts by operation of law. Instead, the parties must seek novation under FAR Subpart 42.12, a process by which the government formally recognizes the successor entity as the party to each contract. Until novation is recognized, the original contractor remains legally responsible for performance, and the successor performs on its behalf in an ambiguous intermediate status.
This non-assignability principle produces cascading legal requirements with no direct analogue in commercial deals. The novation package submitted to each cognizant contracting officer must include financial statements, legal opinions, representations of contractor responsibility, and documentation of the transaction structure. If the target holds contracts with multiple agencies, separate novation packages go to each, and the timelines for acknowledgment and execution vary by agency and by contracting officer caseload. Deal timelines must account for novation processing from the outset, and purchase agreements must include covenants requiring the target to cooperate with novation submissions.
Beyond novation, the govcon acquisition introduces compliance dimensions that commercial deals do not address: the target's facility security clearance, personnel clearances, ITAR registration, CAS compliance posture, OCI mitigation plans, SBA socioeconomic certifications, and mandatory disclosure obligations under FAR 52.203-13 all require analysis and, frequently, proactive management before or at closing. A buyer who treats a govcon acquisition as a standard commercial deal and discovers the novation requirement after LOI execution is already behind the timeline that a properly structured transaction demands.
2. Pre-LOI Due Diligence for Federal Contractor Targets
Due diligence for a government contractor acquisition begins before the letter of intent is signed, because the acquisition structure itself, whether asset purchase, stock purchase, or merger, determines the novation and clearance obligations that will govern the transaction. Pre-LOI diligence should identify every prime contract and significant subcontract in the target's portfolio, the contracting agency for each, the period of performance, the contract type (fixed-price, cost-reimbursement, time-and-materials, IDIQ), and any special clauses that create notification or approval obligations on change of ownership. This inventory is the foundation for estimating the novation timeline and the financial exposure if any agency declines to novate.
The clearance review in pre-LOI diligence should determine whether the target holds a facility security clearance, the level of that clearance, the programs it covers, and the nature of any existing FOCI mitigation agreements. If the acquirer is a foreign-controlled entity or a private equity fund with foreign limited partners, the FOCI analysis will determine whether the acquisition can proceed without a full proxy agreement or SSA, and whether CIFIUS review is required. These determinations affect deal feasibility and timeline, and they must be made before an LOI establishes exclusivity and creates transaction momentum that is difficult to reverse.
SBA affiliation analysis is equally time-sensitive. If the target derives a significant portion of its revenue from small business set-aside contracts and the acquirer is a large business, the post-closing business case must account for the loss of set-aside eligibility on the target's active contracts and pipeline. Pre-LOI diligence should quantify the revenue and contract value attributable to small business set-aside vehicles and model the post-closing revenue outlook under a scenario where the combined entity is ineligible to compete on set-aside opportunities. This analysis is often the most commercially consequential finding in a govcon deal and must inform the purchase price negotiation.
3. Novation Agreements under FAR Subpart 42.12
FAR Subpart 42.12 establishes the process by which a contractor may transfer its government contracts to a successor entity. The regulation applies when a contractor transfers all assets, or the portion of assets relevant to government contracts, to a third party as a result of a sale, merger, consolidation, or similar transaction. The process requires that the transferee submit a novation package to each cognizant contracting officer containing, at minimum: a copy of the instrument effecting the transfer, a list of contracts to be novated, evidence that the transferee has assumed all obligations under the contracts, financial statements demonstrating the transferee's responsibility, a legal opinion on the validity of the transfer, and a novation agreement signed by both the transferor and transferee.
The government is under no obligation to recognize a novation, and contracting officers have discretion to require additional documentation, consult with agency legal counsel, or decline novation if the transferee does not satisfy responsibility standards. In practice, most novation requests by financially stable transferees with relevant technical capabilities are approved, but the process is not automatic or fast. Buyers should plan for a novation timeline of 60 to 180 days after submission, with longer timelines for large contract portfolios spread across multiple agencies. Purchase agreements should include covenants obligating the seller to cooperate with novation preparation, access to records, and government contacts necessary to process the packages.
An important practical consideration is the distinction between the date the novation package is submitted and the date the novation agreement is executed. During the intervening period, the original contractor remains the party of record on all contracts, and the transferee performs as a practical matter but lacks the formal contractual relationship with the government. This interim period creates compliance exposure, including the risk that the transferee's indirect rates are billed under the original contractor's accounting system, and that any representations made in task order proposals or cost proposals are signed by an entity that is no longer the actual performer. Structuring the transition of billing systems, accounting codes, and proposal representations to align with novation execution requires careful coordination between counsel, the contracts department, and the finance team.
4. Recognition of Successor in Interest vs. Novation
FAR Subpart 42.12 contemplates two distinct legal situations that are sometimes conflated in practice. The first is recognition of a successor in interest, which occurs when a government contract is transferred by operation of law as a result of a merger in which the contractor entity survives. Because the surviving entity is the same legal entity that held the contract, no novation is required: the government recognizes the surviving entity as a successor in interest, and the administrative process is primarily one of updating the government's records to reflect the new ownership and, if applicable, the new name. The documentation required for successor in interest recognition is substantially lighter than for a novation, and agency processing is generally faster.
The second situation requiring novation is a true asset transfer: the contractor sells, transfers, or otherwise conveys its assets, including the government contracts (by consent), to a separate legal entity. In this case, the original legal entity no longer holds the contracts, and the government must execute a novation agreement formally substituting the transferee as the party to each contract. The distinction between a merger (successor in interest) and an asset sale (novation required) drives important structural decisions in govcon M&A. A stock purchase preserves the legal entity holding the contracts, avoiding novation but requiring a change-of-ownership disclosure and clearance notification. An asset purchase transfers the operating business to a new entity and requires full novation for every prime contract.
Buyers and sellers frequently underestimate the significance of this structural choice. A stock purchase of a government contractor with a clean compliance record avoids the novation process but inherits the seller's full compliance history, including any undisclosed violations, false claims exposure, suspension and debarment history, and CAS non-compliance findings. A structured asset purchase with carefully negotiated representations and indemnities provides cleaner protection against historical compliance liabilities but triggers full novation. The trade-off between novation burden and historical liability exposure is one of the central structural decisions in a govcon deal, and it must be analyzed with counsel who understands both dimensions before the acquisition structure is fixed in the LOI.
5. IDIQ, BPA, and Multiple-Award Contract Assignment Mechanics
Indefinite delivery, indefinite quantity (IDIQ) contracts, blanket purchase agreements (BPAs), and multiple-award contract (MAC) vehicles present particular complexity in a government contractor acquisition because the novation of the base IDIQ or MAC vehicle does not automatically novate the individual task orders issued under that vehicle. Each task order is a separate contractual obligation, and in transactions where the target holds hundreds of active task orders across one or more IDIQ vehicles, the mechanical task of identifying, listing, and tracking novation status for each task order is a significant administrative undertaking that must be managed by the contracts team with legal oversight.
IDIQ vehicles issued by the General Services Administration, such as GWAC vehicles like Alliant 2 or 8(a) STARS III, have their own novation and transfer policies that supplement FAR Subpart 42.12. GSA's policies for GWAC vehicle transfer typically require prior approval from GSA, separate from the individual contracting officer for each task order, and the timeline for GSA approval can be considerable. Similarly, government-wide acquisition contracts administered by other civilian agencies (NIH CIO-SP4, for example) each have specific transfer policies that must be researched independently. A buyer who assumes that novation of the base IDIQ automatically resolves all task order obligations under a GWAC vehicle will discover, through agency inquiry, that GSA or the relevant GWAC program office requires its own documentation and approval.
The value embedded in an IDIQ vehicle, particularly a ceiling-value GWAC position, is often a significant driver of the acquisition price. If the acquirer cannot access the IDIQ ceiling because the vehicle is not transferable (some vehicles prohibit transfer entirely) or because the novation process fails, the value proposition of the transaction is materially affected. Pre-LOI diligence must identify every IDIQ and GWAC vehicle in the portfolio, confirm the transferability of each under applicable vehicle ordering rules, and include that analysis in the financial model that supports the purchase price. Vehicles that cannot be novated should be flagged as contingent assets whose value depends on whether the government will permit the successor to continue placing orders.
6. SBA Size Standards and Affiliation After Acquisition
The SBA's size regulations at 13 C.F.R. Part 121 determine whether a business qualifies as small under the applicable NAICS code size standard, which is measured either in employees or annual receipts depending on the industry. A business is considered small only if it and its affiliates, taken together, do not exceed the applicable size standard. Affiliation arises when one entity controls or has the power to control another, including through stock ownership, common management, contractual relationships, or economic dependence. An acquisition that places a small business contractor under the control of a large business will result in the combined entity being classified as large for SBA purposes, regardless of the target's standalone size.
The SBA's affiliation rules are triggered by the acquisition itself, not by any formal SBA determination. From the date of closing, the target is affiliated with the acquirer for size determination purposes. If the combined entity exceeds the applicable size standard, the target must re-certify its size status within 30 days under 13 C.F.R. 121.404(g). A re-certification as other than small does not immediately terminate existing set-aside contracts, which generally continue to their period of performance (including options exercised before the re-certification), but the entity is ineligible to be awarded new set-aside contracts and may be ineligible to compete for option renewals on existing set-aside vehicles, depending on the terms of those vehicles.
The commercial impact of size reclassification depends entirely on the composition of the target's revenue. A contractor that derives a small fraction of revenue from set-aside vehicles and the remainder from full-and-open competition contracts may experience minimal disruption. A contractor that is primarily a set-aside specialist, competing almost exclusively on small business reserved work, may see the loss of its most competitive differentiation. Acquirers should model the revenue impact of size reclassification under multiple scenarios during due diligence: which contracts continue, which options expire, which pipeline opportunities disappear, and what competitive repositioning the combined entity will need to execute in full-and-open competition. This analysis directly informs purchase price, transition planning, and the earn-out structure if the seller's management team is retained.
7. 8(a), HUBZone, SDVOSB, WOSB, and VOSB Certification Transfer
Socioeconomic certifications under the SBA's small business programs are status-based designations attached to specific legal entities, not to contract vehicles or to the individuals who own those entities. An 8(a) Business Development program participant, a HUBZone-certified firm, a Service-Disabled Veteran-Owned Small Business (SDVOSB), a Women-Owned Small Business (WOSB), or a Veteran-Owned Small Business (VOSB) holds that status because the legal entity meets the ownership, control, and size requirements of the applicable program at the time of certification. A change of ownership disrupts the factual basis for those certifications, often categorically disqualifying the entity from continued participation.
The 8(a) program is the most restrictive from a transfer perspective. SBA regulations require prior approval before an 8(a) participant undergoes a change of ownership, and approval may be withheld if the transaction would result in the participant no longer meeting program eligibility requirements. More fundamentally, 8(a) certification is predicated on ownership and control by socially and economically disadvantaged individuals, a status that cannot be transferred to a buyer who does not independently qualify. Any acquisition of an 8(a) participant that places the entity under the control of a non-disadvantaged individual or entity will result in the loss of 8(a) status, which may trigger early graduation from the program and the termination of sole-source 8(a) contract award authority.
HUBZone, SDVOSB, WOSB, and VOSB certifications are similarly status-based, and a change of ownership that alters the ownership or control profile of the entity requires the entity to re-certify. If the post-acquisition ownership structure does not satisfy the applicable program requirements (principal office in a HUBZone, 51 percent ownership by service-disabled veterans, 51 percent ownership by women), the certification is lost. Buyers acquiring socioeconomic certifications as a strategic asset of the transaction must conduct thorough pre-closing analysis of whether the post-closing ownership structure will preserve the certification basis, and if not, whether the business plan for the combined entity depends on continued access to set-aside opportunities that the acquirer cannot legally access.
Evaluating a Federal Contractor Acquisition?
SBA size, novation timelines, and clearance continuity must be modeled before LOI execution. Acquisition Stars structures govcon deals to protect the contract portfolio value from day one of the transaction.
8. Small Business Set-Aside Eligibility Post-Closing
The post-closing set-aside eligibility framework is more nuanced than a simple binary of eligible or ineligible. Existing small business set-aside contracts generally continue performance through their base period and all priced options, even after the contractor re-certifies as other than small. The justification is that the government made its competition decision at the time of award when the contractor was small, and the government's interest is served by allowing performance to continue rather than re-competing mid-performance. However, unpriced option years on set-aside contracts present a more complex analysis, because the option is not priced and is not yet awarded, and some agencies treat unpriced options as new awards requiring a current size determination.
IDIQ task orders present yet another layer of complexity. A task order issued under a small business set-aside IDIQ vehicle is a new contract action, and if the ordering period of the IDIQ remains open after the contractor re-certifies as large, the contractor may be ineligible to receive additional task orders under that vehicle. This can effectively freeze the ceiling utilization on a small business IDIQ, eliminating future revenue from that vehicle even though the base vehicle is still active. For acquirers valuing the target based on IDIQ ceiling capacity and historical task order win rates, the loss of new task order eligibility can be a material valuation adjustment.
Buyers acquiring small business contractors who intend to maintain some form of set-aside access post-closing have explored a range of structures, including subsidiary arrangements, teaming agreements, and mentor-protege relationships. SBA's regulations on affiliation and ostensible subcontractor relationships impose limits on these structures that must be carefully analyzed to ensure they do not create new affiliation findings or violate program eligibility requirements. Structures designed to preserve small business status for an entity that is affiliated with a large business are consistently scrutinized by SBA and agency contracting officers, and any such arrangement should be reviewed by counsel before it is implemented or represented to the government as a compliant small business structure.
9. Facility Security Clearances (FCL) and DCSA Notification
A facility security clearance (FCL) is issued by the Defense Counterintelligence and Security Agency (DCSA) to a specific legal entity and authorizes that entity to access classified information in connection with government contracts requiring access to classified material. The FCL is not a property right that transfers with the entity's assets, and it is not automatically continued when the entity undergoes a change of ownership. An FCL is a status determination made by the government based on its assessment of the entity's trustworthiness, and a change of ownership requires the government to re-evaluate whether the entity under new ownership continues to satisfy the requirements for clearance maintenance.
DCSA requires notification of a change of ownership, key management personnel, or organizational structure that could affect the cleared entity's eligibility. The notification requirement is not post-closing: DCSA expects early notification, ideally before closing, to allow sufficient lead time for FOCI analysis and mitigation planning. The National Industrial Security Program Operating Manual (NISPOM), implemented through 32 C.F.R. Part 117, specifies the reporting requirements and timelines. Failure to notify DCSA promptly of a change of ownership that could affect clearance eligibility is itself a compliance violation that can result in suspension or revocation of the FCL.
In transactions involving foreign acquirers or private equity funds with foreign limited partners, DCSA's FOCI determination may result in a requirement that the cleared entity implement a FOCI mitigation agreement before the FCL can be continued. If mitigation cannot be agreed upon before closing, the parties face the prospect of a cleared entity losing its FCL at closing, which would immediately require the cessation of all classified work. This risk must be assessed and addressed in the pre-closing period, with DCSA counsel engaged well in advance of the anticipated closing date. Deal documentation should include closing conditions tied to DCSA's position on FCL continuity, and if FOCI mitigation is required, the negotiation and execution of the mitigation agreement should be a pre-closing covenant.
10. Personnel Clearances and the 30/60/90 Day Change of Condition Reporting
Individual personnel security clearances held by employees of the target entity are not directly affected by an acquisition in the same way that the facility clearance is. A cleared employee's personal clearance remains valid through a change of ownership because it is a status attached to the individual, not to the legal entity employing them. However, the cleared employee's continued access to classified information is conditioned on the employing facility maintaining a valid FCL and on the continued sponsorship of the employee by a cleared facility. If the FCL is suspended or revoked at closing because of an unresolved FOCI determination, individual personnel clearances become temporarily inaccessible even though they remain technically valid.
The change of condition reporting requirements under the NISPOM require cleared employees to self-report certain changes in personal circumstances within specified timeframes: typically 30 days for financial events above a certain threshold, 60 days for foreign contacts of a certain nature, and immediately for arrests or other specified events. A corporate acquisition is itself a change of condition for cleared employees who become employed by a foreign-owned or foreign-controlled entity, and the Facility Security Officer (FSO) has an obligation to review whether the change of ownership creates a reportable condition for any cleared employee. Acquirers should work with the target's FSO to ensure that the change of ownership is communicated to cleared employees with appropriate guidance on their individual reporting obligations.
From a human resources and integration planning perspective, the retention of cleared personnel is often the primary workforce risk in a government contractor acquisition. Cleared employees with active Top Secret or SCI access represent significant institutional value, and the loss of cleared employees during integration, whether due to change of control provisions in employment agreements, concerns about new ownership, or competing offers from other contractors, directly affects the cleared workforce capacity that underlies the contract portfolio being acquired. Retention plans, change of control provisions in key employee agreements, and integration communication strategies should be designed specifically to address the concerns of cleared personnel, whose employment market is specialized and whose skills are highly portable.
11. FOCI Mitigation: SSA, SCA, Proxy Boards, and Board Resolutions
Foreign Ownership, Control, or Influence (FOCI) is a condition that arises when a foreign interest has the power to direct or decide matters affecting the management or operations of a U.S. entity in a way that could result in unauthorized access to classified information. DCSA's FOCI determination considers the ownership percentage held by foreign persons, the nationality and government relationships of key foreign investors, the degree of control exercised through governance rights, and the nature of the classified programs the entity performs. A transaction that places a cleared U.S. contractor under any degree of foreign control requires DCSA to determine whether a FOCI mitigation instrument is required and, if so, which instrument is appropriate.
The Special Security Agreement (SSA) is the most common FOCI mitigation instrument for majority foreign-owned cleared contractors. The SSA establishes a Government Security Committee (GSC) composed of U.S. citizen senior officers who are responsible for overseeing the classified operations of the entity, excluding foreign owners from access to classified information, and serving as the primary point of contact with DCSA. The foreign owners retain economic interest but surrender operational control over the classified business to the GSC. A Security Control Agreement (SCA) is used for lower levels of foreign interest and imposes less restrictive governance requirements, typically requiring a board resolution limiting foreign access and establishing U.S. citizen oversight of the security program.
In cases of complete or near-complete foreign ownership where the nature of the classified programs makes even an SSA insufficient to protect national security, DCSA may require a proxy agreement or voting trust. Under a proxy agreement, all voting rights in the cleared entity are placed in the hands of U.S. citizen proxy holders approved by DCSA, who exercise full governance rights on behalf of the foreign owner. The foreign owner retains economic interest but has no governance authority over the cleared entity. Proxy agreements are operationally complex, expensive to administer, and require DCSA approval of changes to proxy holder composition, but they allow foreign-owned entities to maintain cleared status in circumstances where a lesser mitigation instrument would be insufficient. Transactions requiring proxy agreements should plan for a negotiation and DCSA approval process that can extend the pre-closing timeline by several months.
12. CIFIUS Jurisdiction over Cleared and Critical Technology Contractors
The Committee on Foreign Investment in the United States (CIFIUS) reviews acquisitions of U.S. businesses by foreign persons for national security implications. For government contractors, CIFIUS jurisdiction is particularly significant because cleared contractors and entities involved in critical technology, critical infrastructure, or the handling of sensitive personal data are subject to mandatory CIFIUS filing requirements under the Foreign Investment Risk Review Modernization Act (FIRRMA). Mandatory declarations are required for any foreign government-controlled acquisition of a TID U.S. business (technology, infrastructure, data) and for certain investments in U.S. businesses that produce, design, test, or develop items controlled under the Export Administration Regulations, ITAR, or certain atomic energy authorities.
For cleared contractors, the mandatory filing obligation arises because possession of a facility security clearance is itself a criterion that can trigger CIFIUS jurisdiction. Any transaction in which a foreign person acquires any interest in a cleared U.S. business, including a minority investment, may require a CIFIUS filing depending on the degree of access to classified information, the nature of the classified programs, and the nationality of the foreign person. Private equity transactions involving foreign limited partners must be analyzed for CIFIUS exposure even where the general partner is a U.S. entity, because CIFIUS looks through fund structures to identify foreign persons with beneficial interests above specified thresholds.
The consequences of failing to file when a mandatory CIFIUS declaration is required include CIFIUS's authority to investigate and unwind the transaction after closing, civil penalties, and referral to the Department of Justice. For transactions involving cleared contractors, CIFIUS and DCSA work in close coordination, and a FOCI determination by DCSA that a transaction requires mitigation will typically prompt concurrent CIFIUS review of the same transaction. Buyers who are foreign persons or who have foreign limited partners should retain CIFIUS counsel at the pre-LOI stage to determine whether a mandatory filing is required, whether a voluntary filing is advisable, and how the CIFIUS process should be sequenced relative to DCSA engagement and deal closing.
13. ITAR Registration Transfer and EAR Compliance
The International Traffic in Arms Regulations (ITAR), administered by the Directorate of Defense Trade Controls (DDTC) within the State Department, regulate the export, temporary import, and brokering of defense articles and services controlled under the United States Munitions List (USML). Any manufacturer, exporter, or broker of USML-controlled items must be registered with DDTC, and that registration is issued to the specific legal entity. A change of ownership of the registered entity triggers mandatory notification to DDTC under 22 C.F.R. 122.4(a) within five days of the change. Failure to provide timely notification is a violation of ITAR that can result in civil penalties of up to $1.3 million per violation and criminal penalties up to $1 million per violation and 20 years imprisonment.
If the transaction structure results in the ITAR-registered entity being merged into or absorbed by the acquirer, the acquirer must apply for its own ITAR registration rather than relying on the target's registration. The ITAR registration application process requires disclosure of all foreign persons with ownership or control interests in the applying entity, which directly intersects with CIFIUS and FOCI analysis. An acquirer with foreign ownership may face DDTC scrutiny that parallels and informs the CIFIUS review, and the timeline for ITAR registration approval should be factored into the closing timeline for any transaction where the acquirer is not already ITAR-registered.
The Export Administration Regulations (EAR), administered by the Bureau of Industry and Security (BIS) within the Commerce Department, govern the export of dual-use items and technology controlled under the Commerce Control List (CCL). Unlike ITAR, the EAR does not require formal registration, but EAR-controlled items require export licenses for exports to controlled countries or end-users, and license conditions attach to specific legal entities. A change of ownership may require the acquirer to re-apply for licenses that were issued to the target, particularly if the acquirer's ownership structure includes foreign persons from countries subject to EAR restrictions. EAR due diligence should identify all active export licenses, authorizations under license exceptions, and technology control plans that govern the target's export compliance program, and counsel should assess whether those instruments will need to be transferred or reissued post-closing.
14. Organizational Conflicts of Interest (OCI) Review under FAR 9.5
FAR Subpart 9.5 requires contracting officers to identify, evaluate, and, where possible, avoid, neutralize, or mitigate organizational conflicts of interest (OCIs) that could impair a contractor's objectivity, give a contractor an unfair competitive advantage, or otherwise compromise the integrity of the acquisition process. OCIs arise in three recognized categories: impaired objectivity, where a contractor is asked to evaluate proposals or performance in which it has a financial stake; biased ground rules, where a contractor drafts specifications, SOWs, or solicitation documents for work it may later bid on; and unequal access to information, where a contractor has had access to non-public information that gives it a competitive advantage on a related procurement.
In a government contractor acquisition, the combination of the acquirer's existing OCI mitigation plans with the target's existing OCI posture may create new, unresolved OCIs that neither entity had standing alone. For example, if the acquirer provides advisory and assistance services that involve evaluating contractor performance and the target is itself a performance contractor on programs the acquirer evaluates, the combination creates an impaired objectivity conflict. If the acquirer's existing mitigation plans are based on organizational separation of certain program lines, the integration of the target's staff and programs may breach that separation, invalidating existing mitigations and requiring renegotiation with the cognizant contracting officer.
OCI due diligence should map the acquirer's and target's existing OCI disclosures, mitigation plans, and waivers across all relevant programs and contracting agencies. The combined OCI landscape should then be assessed for conflicts that the acquisition itself creates or exacerbates. Where new OCIs are identified, the parties should develop a mitigation plan that can be presented to contracting officers post-closing, and the purchase agreement should include representations from the seller regarding the target's existing OCI disclosures and mitigation compliance. If a significant program in the target's portfolio carries an OCI restriction that prevents the combined entity from competing on related work that the acquirer had intended to pursue, that competitive impact should be disclosed to the acquirer's board as a material risk before closing.
Cleared Contractor Acquisition: Counsel That Knows the Regulatory Stack
FOCI mitigation, CIFIUS filings, OCI remediation, and ITAR notification each carry timelines that can determine whether a transaction closes on schedule. Acquisition Stars coordinates these workstreams from LOI through integration.
15. Cost Accounting Standards (CAS) Coverage and Disclosure Statements
The Cost Accounting Standards, codified at 48 C.F.R. Chapter 99, establish the accounting practices that certain government contractors must follow for the allocation of costs to government contracts. CAS coverage is triggered by the receipt of negotiated government contracts above specified dollar thresholds. Modified CAS coverage applies to contractors receiving covered contracts of $2 million or more; full CAS coverage applies to contractors receiving covered contracts totaling $50 million or more in the preceding cost accounting period. Contractors subject to full CAS coverage must file a CAS Disclosure Statement with their cognizant federal agency auditor describing the accounting practices they employ, and any changes to those practices require advance disclosure and government approval.
An acquisition can change a contractor's CAS status materially. If a non-covered small business contractor is acquired by a large business, the combined entity may now exceed the full CAS coverage threshold based on the acquirer's covered contract base, requiring the acquired entity to become CAS-compliant and to file a Disclosure Statement for the first time. Conversely, if a CAS-covered contractor acquires a smaller non-covered entity, the acquirer must assess whether the integration of the target's cost pools into the acquirer's accounting system requires a change to the existing Disclosure Statement, which would require advance notice to the cognizant contracting officer and potential negotiation of an equitable adjustment on existing contracts.
The cost impact of CAS accounting changes is a material financial risk in government contractor acquisitions. If the integration of two entities' accounting systems results in a change in cost allocation practices that increases the costs allocated to government contracts, the government may receive a credit under the CAS-required equitable adjustment process. If the change reduces costs allocated to government contracts, the contractor may receive additional compensation. Either outcome requires formal disclosure, government review, and potential price adjustment negotiations across all affected contracts. Pre-closing CAS impact analysis, conducted by a CAS-experienced accounting advisor working with legal counsel, should quantify the range of cost adjustment exposure and allow the parties to address it in indemnification provisions and post-closing covenants.
16. DCAA Audit Exposure and Indirect Rate Structures
The Defense Contract Audit Agency (DCAA) provides audit services for DoD contracts and certain other federal contracts, examining contractor accounting systems, indirect cost rates, and compliance with government cost accounting requirements. DCAA's audit authority extends to cost-reimbursement contracts, time-and-materials contracts, and the indirect cost structures underlying both, but it does not extend to fixed-price contracts unless the contractor has other cost-reimbursement work that affects the indirect rates applied to the fixed-price work. An acquisition that brings together two contractors with different accounting systems, indirect rate structures, and DCAA audit histories presents a complex integration challenge that has direct financial implications for government contract billing.
DCAA conducts accounting system audits when it identifies potential deficiencies in a contractor's cost tracking, allocation, or reporting practices. A change of ownership, particularly one that involves integration of two accounting systems, is a recognized trigger for increased DCAA audit scrutiny. If the acquirer's accounting system has an existing DCAA-approved accounting system determination, the integration of the target's operations into that system must be done in a way that preserves the system's compliant status. If the integration consolidates cost pools, changes indirect rate allocation bases, or modifies the business unit structure that underlies the rate structure, those changes must be disclosed to DCAA and may require renegotiation of forward pricing rate agreements.
Indirect cost rate exposure is a significant financial risk that should be quantified in due diligence. If the target has open cost-reimbursement contract years with unsettled indirect cost rates, the government may have a claim for cost disallowances on those years that has not yet been crystallized through audit. Historical indirect cost rate audits that identified unallowable costs, questioned costs, or accounting system deficiencies represent contingent liabilities that may not be fully reflected in the target's financial statements. Buyers should request DCAA audit reports for the most recent five years, review any audit findings or recommendations, and assess whether disputed costs have been adequately reserved. These findings should inform the indemnification framework and the escrow or holdback provisions of the purchase agreement.
17. Compliance Programs: Mandatory Disclosure, Ethics, and FAR 52.203-13
FAR clause 52.203-13, required in contracts over $5.5 million with a performance period of more than 120 days, imposes two primary compliance obligations on contractors. First, it requires contractors to maintain a written code of business ethics and conduct and to make the code available to each employee. Second, and more consequentially, it requires contractors to have a compliance and ethics program that includes an internal reporting mechanism (typically a hotline) and to timely disclose to the cognizant Inspector General any credible evidence of a principal, employee, agent, or subcontractor having committed a violation of federal criminal law involving fraud, conflict of interest, bribery, or gratuity, or a violation of the civil False Claims Act. This mandatory disclosure obligation runs independently of whether the government has initiated an investigation.
The mandatory disclosure obligation is one of the most significant compliance risks inherited in a government contractor acquisition. If the target has knowledge of violations that meet the mandatory disclosure threshold and has not made the required disclosure, the acquiring entity inherits that non-disclosure liability and, under successor liability principles applicable in stock purchases, may itself be subject to enforcement under the False Claims Act. Voluntary disclosure made before an acquisition closes by the target can reduce penalty exposure and demonstrate good faith, but it also creates a public compliance event that may affect the acquisition timeline or price. Buyers in stock purchases should conduct enhanced compliance due diligence specifically designed to identify undisclosed ethics hotline complaints, DCAA audit findings involving potential fraud referrals, and any inspector general investigations involving the target.
The acquirer's post-closing compliance obligations include integrating the target's ethics program into the acquirer's existing compliance infrastructure, reviewing all pending disclosures or investigations, and training the target's workforce on the acquirer's code of conduct and reporting procedures. If the acquirer's compliance program is more robust than the target's, the transition period should be managed carefully to ensure that compliance coverage does not lapse between the target's legacy program and the acquirer's incoming program. Any gap in coverage during which a reportable event occurs and is not reported creates independent mandatory disclosure exposure that is distinct from whatever pre-existing compliance issues the due diligence uncovered.
18. Representations and Warranties Specific to Federal Contractors
Standard M&A representations and warranties must be significantly expanded in a government contractor acquisition to address the regulatory and compliance dimensions that are unique to the federal contracting environment. Core govcon-specific representations include: that all contracts have been performed in material compliance with their terms and applicable law; that all representations and certifications made in connection with contract awards, bids, and proposals were accurate when made; that the contractor's accounting system is compliant with applicable government cost accounting requirements; that all indirect costs claimed on government contracts were allowable and allocable under applicable cost principles; and that no suspension or debarment proceedings are pending or threatened against the entity or its principals.
Clearance and export control representations warrant particular attention. The purchase agreement should include representations that the target holds the facility security clearances identified in the disclosure schedules, that no adverse action by DCSA is pending or threatened, that the target's ITAR and EAR registrations and licenses are current and in compliance, that no violations of ITAR, EAR, or related export control regimes have occurred or been reported to DDTC or BIS, and that the target is not aware of any investigation by DDTC, BIS, or the Department of Justice arising from export control matters. These representations should be confirmed against the target's ITAR registration history, DDTC correspondence, and any prior disclosure or voluntary self-disclosure submissions.
False Claims Act exposure is among the most significant latent liabilities in any government contractor acquisition, and the representations should specifically address it. The target should represent that no qui tam relator lawsuit under the False Claims Act is pending or, to the target's knowledge, contemplated, that no government investigation or civil investigative demand has been received, and that no overpayments, defective pricing claims, or cost disallowances are pending with the government above a specified threshold. The materiality and knowledge qualifiers on these representations must be negotiated with care: a buyer who accepts overly broad knowledge qualifiers on False Claims Act representations may find that a government investigation disclosed after closing falls outside the representation because the relevant individuals lacked subjective awareness of the investigation's existence.
19. Reps and Warranties Insurance Treatment for GovCon Deals
Representations and warranties (R&W) insurance has become a standard risk allocation tool in M&A transactions, and its application to government contractor acquisitions presents considerations that differ from commercial deals. Underwriters assess govcon-specific risks with heightened scrutiny, particularly around False Claims Act exposure, CAS compliance, DCAA audit findings, export control violations, and clearance status. Policies written for government contractor targets typically exclude coverage for violations disclosed in the diligence process, known government investigations, and certain categories of regulatory liability that are treated as inherently uninsurable because the potential penalties are measured by contract value multiples rather than by the economic harm from a contractual breach.
The False Claims Act exclusion is the most commercially significant standard exclusion in govcon R&W policies. Most underwriters will not provide coverage for claims arising under the False Claims Act on the grounds that FCA penalties, which include treble damages plus per-claim civil penalties, are punitive in nature and uninsurable as a matter of public policy in most jurisdictions. Buyers who use R&W insurance as a primary risk allocation mechanism in a govcon deal should understand that FCA exposure, which is often the largest potential liability in a government contractor portfolio, will remain uninsured and must be addressed through seller escrows, indemnification arrangements, and enhanced due diligence rather than through the R&W policy.
Notwithstanding the FCA exclusion, R&W insurance in govcon deals can provide meaningful coverage for breaches of representations regarding contract compliance, accounting system adequacy, indirect rate allowability, export control registration, and clearance status, subject to the policy's knowledge and materiality qualifiers. Buyers should work with insurance brokers experienced in govcon transactions to tailor the representation schedule and the diligence process to maximize the scope of insurable representations. The underwriter's due diligence call, which covers the govcon-specific findings from legal and accounting diligence, is a critical step in determining whether underwriters will provide coverage for the specific risks identified and whether any govcon-specific exclusions beyond the FCA exclusion will apply to the particular transaction.
20. Integration, Reporting, and Post-Closing Compliance Discipline
Post-closing integration of a government contractor acquisition must be managed with the same regulatory discipline that governed the pre-closing process. The integration plan must account for the continuing novation process, which often extends well beyond the closing date; the ongoing DCSA engagement required to maintain clearance status and resolve any FOCI mitigation requirements; the SBA re-certification filing due within 30 days of closing; DDTC notification due within five days of closing; and any CAS Disclosure Statement amendments required by changes to the combined entity's cost accounting practices. Each of these obligations has a specific deadline, and a post-closing integration workplan that treats regulatory deadlines as lower priority than operational integration will create avoidable compliance exposure.
The mandatory disclosure obligation under FAR 52.203-13 continues without interruption through the closing, and the acquirer becomes the responsible party for timely disclosure of any covered violations that were known to the target but not disclosed before closing, as well as any new violations that occur after closing during the integration period. Integration activities that involve the combined workforce, shared resources, and consolidated systems can create new compliance events, including the inadvertent sharing of export-controlled technical data between cleared and uncleared employees, the improper allocation of costs across contracts that are being transitioned between accounting systems, and the failure to maintain required separation under OCI mitigation plans when program staff are reassigned during integration.
The first 180 days after closing are the highest-risk period for a government contractor acquisition. Compliance programs are in transition, accounting systems are being integrated, cleared employees are being onboarded into new security management structures, and contracting officers are processing novation packages while performance obligations continue without interruption. Acquirers who invest in a dedicated post-closing integration team with legal, contracts, accounting, and security management representation, and who establish clear accountability for each regulatory deadline, will manage this period with significantly less exposure than those who treat compliance as a background function during what is primarily an operational transition. The regulatory framework for government contractors does not provide a grace period for the complexity of an acquisition.
Frequently Asked Questions
How long does a FAR 42.12 novation agreement typically take?
The novation process under FAR Subpart 42.12 does not follow a statutory deadline, and agency processing timelines vary considerably depending on the contracting officer's workload, the complexity of the contractor's portfolio, and the completeness of the documentation submitted. In straightforward transactions with a single primary agency, novation packages can be acknowledged and agreements executed in 60 to 120 days after submission of a complete package. Contractors with contracts spread across multiple agencies should expect a longer timeline, because each agency administers its own novation independently. Incomplete submissions are the most common cause of delay. Experienced counsel will organize the package to anticipate agency questions before they arise.
Does a small business target need to re-certify its size status after an acquisition closes?
Yes. Under SBA regulations, a small business concern must re-certify its size status upon a merger or acquisition, regardless of whether the acquiring entity is itself small. The re-certification is required within 30 days of the transaction close. If the combined entity no longer qualifies as small under the applicable NAICS code size standard, contracts awarded as small business set-asides will generally continue to completion but will not be eligible for additional orders or options unless the agency determines continued performance is in the government's interest. Buyers acquiring small business contractors should model the post-closing size status before signing the purchase agreement to understand the impact on contract portfolio viability.
Does a facility security clearance automatically transfer to the acquirer?
No. A facility security clearance (FCL) is held by the legal entity, not by individual contracts or the parent company. When a contractor changes ownership, the cleared legal entity does not automatically retain its FCL under the new ownership structure. The DCSA requires notification within a defined window, and the acquirer must satisfy all FOCI determination requirements before the FCL can be continued, upgraded, or reissued. During the gap period before FOCI is resolved, cleared work may need to pause depending on the nature of the classified programs. Pre-closing coordination with DCSA counsel is essential to avoid an involuntary gap in clearance status that disrupts contract performance.
What triggers CIFIUS jurisdiction over a government contractor acquisition?
CIFIUS jurisdiction is triggered when a foreign person acquires control of, or a substantial interest in, a U.S. business. For government contractors, the analysis extends beyond standard CIFIUS thresholds because cleared contractors and those involved in critical technology, critical infrastructure, or sensitive personal data trigger mandatory filing obligations regardless of transaction size or foreign ownership percentage. Even a minority investment by a foreign person in a company holding a facility security clearance or handling classified information can require a CIFIUS filing. The presence of foreign limited partners in an acquiring private equity fund may also implicate CIFIUS. Counsel should conduct a CIFIUS risk assessment before LOI execution.
What is the CAS coverage threshold, and does an acquisition change it?
Cost Accounting Standards coverage generally applies to contractors receiving negotiated contracts of $2 million or more, with full CAS coverage triggered on contractors with covered contracts of $50 million or more in the prior cost accounting period. An acquisition can change a contractor's CAS status in either direction. If a previously non-covered contractor is acquired by a large business, the combined entity may now exceed full CAS coverage thresholds, requiring disclosure statements and implementation of CAS-compliant accounting practices. Conversely, a large business acquiring a small business may need to segregate accounting systems to avoid cross-contaminating CAS-compliant and non-covered cost pools. CAS impact analysis should be part of pre-signing due diligence.
How does an acquirer remediate an organizational conflict of interest?
OCI remediation under FAR Subpart 9.5 depends on the type of conflict identified. Impaired objectivity OCIs, where the contractor would evaluate work in which it has a financial stake, are typically remediated through mitigation plans submitted to the contracting officer that wall off the affected program staff and establish independent review procedures. Unequal access to information OCIs may require a firewall between the conflicted program team and the rest of the organization. Biased ground rules OCIs are the hardest to remediate because they arise from prior work that shaped the specifications or SOW that others will compete against. Acquirers should inventory OCI disclosures and existing mitigation plans during due diligence and assess whether the acquisition changes any OCI posture.
Does a change of ownership trigger a TINA/truthful cost data obligation?
The Truth in Negotiations Act (now codified in 10 U.S.C. 3702 and 41 U.S.C. 3501) requires contractors to submit certified cost or pricing data for negotiated contracts above the applicable threshold, currently $2 million. A change of ownership does not itself trigger a TINA obligation, but the novation process and any associated contract modifications that change pricing, scope, or rates may require submission of certified cost or pricing data depending on the nature of the modification. Additionally, if the acquirer renegotiates contract terms as part of the acquisition integration, those renegotiated pricing actions may independently trigger TINA obligations. Counsel should confirm which contract modifications in the integration plan require certified cost data submission.
What are the main FOCI mitigation instruments?
DCSA recognizes several FOCI mitigation instruments depending on the degree of foreign ownership and the sensitivity of the cleared work. A Security Control Agreement (SCA) or Special Security Agreement (SSA) is used when a foreign entity has less than or majority ownership, respectively, establishing a Government Security Committee to oversee classified operations. A proxy agreement or voting trust places all voting rights in the hands of U.S. citizen proxy holders approved by DCSA, effectively removing the foreign owner from governance of the cleared entity. A Board Resolution may suffice for limited foreign influence situations. The appropriate instrument depends on the foreign ownership percentage, the classified program portfolio, and the foreign owner's country of origin. Clearance counsel and DCSA should be engaged before deal signing.
Does an acquisition transfer ITAR registration, or must the acquirer re-register?
ITAR registration under 22 C.F.R. Part 122 is issued to a specific legal entity and does not automatically transfer when that entity is acquired or when its parent changes. If the registered entity survives the acquisition as a legal entity, the registration may continue, but the Directorate of Defense Trade Controls (DDTC) must be notified of the change of ownership within five days of closing under 22 C.F.R. 122.4(a). If the transaction involves a merger where the registered entity is absorbed into the acquirer, the acquirer must apply for its own ITAR registration. Lapses in ITAR registration can constitute violations with significant criminal and civil penalty exposure. Pre-closing coordination with ITAR counsel is required, not optional.
What does a DCAA surprise audit look like after an acquisition?
DCAA does not schedule acquisition-triggered audits on a fixed timeline, but a change of ownership is one of the conditions that prompts DCAA to review the contractor's accounting system, indirect rate structure, and compliance with CAS if applicable. DCAA may conduct a post-acquisition accounting system review to determine whether the integration of the target into the acquirer's accounting infrastructure has preserved the allocability and allowability of indirect costs claimed under government contracts. Acquirers that consolidate accounting systems, restructure cost pools, or change indirect rate allocation bases should anticipate DCAA scrutiny and document the business justification for any changes before they are implemented, rather than explaining them after an audit finding.
What government contracts require change-of-ownership disclosure, and when must it be made?
FAR clause 52.215-2 (Audit and Records) and related clauses do not independently require change-of-ownership disclosure, but FAR 42.1204(e) requires the contractor to notify each contracting officer administering an affected contract promptly when a change of ownership occurs, as part of the novation request process. Some contracts may contain specific change-of-control notification provisions that set their own timelines, often 30 days. Classified contracts and contracts with facility clearance requirements impose additional DCSA notification obligations. Contracts funded under certain agency-specific regulations may impose yet further requirements. A thorough pre-closing contract review should identify every notification obligation and build a closing timeline that allows all required notices to be delivered on or before the required deadlines.
What is the difference between a novation agreement and a change-of-name agreement under the FAR?
A novation agreement under FAR Subpart 42.12 is required when a contractor transfers all assets, or the portion relevant to government contracts, to a successor entity as a result of a sale, merger, or consolidation. It substitutes the successor as the party to the government contracts and requires government consent, because government contracts are generally not assignable without consent. A change-of-name agreement, by contrast, is used when the legal entity holding the contracts changes its name but the entity itself remains the same, with no change in ownership or assets. A change-of-name agreement is simpler, faster, and does not require the same level of financial and legal documentation as a novation. Choosing the correct instrument for the transaction structure is one of the first legal determinations in a government contractor acquisition.
Related Practice Areas
Our attorneys handle M&A transactions and securities matters nationwide. Alex Lubyansky leads every engagement personally.